Wednesday, February 12, 2014

Watch Out for the Cryptolocker Trojan

A small law firm in North Carolina was recently locked out of their electronic files.


An article posted on NetworkWorld magazine’s website on February 10, 2014 describes how the Cryptolocker virus infiltrated a North Carolina law firm locking all their electronic files.  The article states:
“The email infected a company server holding thousands of important documents after an email with a malicious attachment was mistaken for a message sent from the firm's phone answering service. 
That error left every single document used by firm on its main server in an encrypted state, including Word, WordPerfect and PDF files, said Goodson's owner, Paul M. Goodson.”
Another article posted on on describes how the criminals get unsuspecting users to open the e-mail and attachment:
“According to the US Computer Emergency Readiness Team, it spreads through an email that appears to be a tracking notification from UPS or FedEx, though some victims said they got infected on the tail end of wiping out a previous botnet infection. And in case it wasn’t clear, you don’t need to be in the US to become infected. 
Nachreiner (Corey Nachreiner, director of security strategy at Watchguard Security) said that it’s more than opening the email that spreads the virus. You need to open the email and actually download the zip file inside it. Hiding inside that zip file is a double-extension file such as *.pdf.exe.  
The .exe file lets CryptoLocker run on your computer, while the innocuous .pdf extension hides the file’s true function.”
So what should you do if this happens?  The article goes on to recommend:
“If you do have a backup, it’s time to wipe your computer of the virus. Fortunately for you, said Nachreiner, just about every antivirus vendor has a CryptoLocker cleanup tool. Work with your regular antivirus software, or follow a tutorial. Nachreiner suggests the FAQ at Bleeping Computer, which he links in his own blog post. 
Restore your backup, and you should be set. Just don’t click on any more dodgy emails.”
Microsoft also offers advice on how to deal with "ransomware" at:

So you do have backups … right?  If you are paranoid like me you have them in multiple places on multiple types of devices that are not connected to your system all of the time. I even use two different backup software applications.  Better safe than sorry as the law firm above learned.

No comments:

Post a Comment